Bug 51712

Summary: Regression in cache-control headers for requests with security-constraints
Product: Tomcat 7 Reporter: Michael Zampani <zampani>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: regression    
Priority: P2    
Version: 7.0.16   
Target Milestone: ---   
Hardware: All   
OS: All   
Attachments: Patch to revert isSecure() check

Description Michael Zampani 2011-08-23 20:55:25 UTC
Created attachment 27428 [details]
Patch to revert isSecure() check

Copied from http://markmail.org/thread/rlkpd3hqihc3zbji

CLN 1126273
http://svn.apache.org/viewvc?view=revision&revision=1126273
sets the default value for securePagesWithPragma to false, but also (re)added a request.isSecure() check to the block for adding the cache-control headers.

This results in the headers not being added for secure requests with security-constraints.  This is a change in behavior from Tomcat-7.0.14 that causes IE8 to improperly cache some secure pages.

The secure check was initially added in CLN 287690
http://svn.apache.org/viewvc?view=revision&revision=287690
to fix a bug in IE caching
https://issues.apache.org/bugzilla/show_bug.cgi?id=6641
but was commented out in CLN 302373
http://svn.apache.org/viewvc?view=revision&revision=302373

patch to remove isSecure() check added.
Comment 1 Mark Thomas 2011-08-29 14:43:15 UTC
Thanks for the patch. This has been applied to 7.0.x and will be included in 7.0.21 onwards.